
Re: LDAP C API: LDAP_OPT_ERROR_NUMBER/STRING clobbering



"Kurt D. Zeilenga" wrote:
> 
> Per some offline discussions, I suggest the specification
> state the following:
> 
>   ldap_set_option should not modify the session error
>   number (accessible via LDAP_OPT_ERROR_NUMBER) or the
>   error string (accessible via LDAP_OPT_ERROR_STRING) values
>   of the LDAP session except:
>        by request (LDAP_OPT_ERROR_NUMBER or LDAP_OPT_ERROR_STRING)
>        was specified, or
>         upon error.
> 
>   ldap_get_option should not modify the session error
>   number (accessible via LDAP_OPT_ERROR_NUMBER) or the
>   error string (accessible via LDAP_OPT_ERROR_STRING) values
>   of the LDAP session except upon error.
> 
> The intent of this change is to require implementations not to
> clobber the session error number/string when a successful
> access was made.

For the (public) record, I agree with the above.  For the
Netscape/Mozilla implementation, this will dictate a change in behavior
since we always set the error number to LDAP_SUCCESS or a failure code
-- but I consider that to be a bug.


> 
> Additional comments:
> 
> This does not prevent an implementation from clobbering a
> protocol error number/string when an application is fetching
> the protocol string/number.  I.e.:
> 
>         rc = ldap_get_option(ld, LDAP_OPT_ERROR_STRING, &s);
> 
>         if( rc ) {
>                 /* error, LDAP_OPT_ERROR_NUMBER is clobbered
>                         with API error */
>         }
> 
> or:
>         rc = ldap_get_option(ld, LDAP_OPT_ERROR_NUMBER, &s);
> 
>         if( rc ) {
>                 /* error, LDAP_OPT_ERROR_STRING may be clobbered
>                         with API error string */
>         }
> 
> But that's another rant...

I agree that the above limitation is annoying.  My favored solution is
to provide a separate interface for manipulating the error number,
string, and matched DN values, but there was not agreement among the
authors of the C API draft on that point.  The Netscape/Mozilla
implementation does provide such an interface in the form of the
ldap_get_lderrno() and ldap_set_lderrno() functions:

int ldap_get_lderrno( LDAP *ld, char **matcheddnp,
                            char **errorstringp );

int ldap_set_lderrno( LDAP *ld, int ldaperror, char *matcheddn,
                            char *errorstring );

ldap_get_lderrno() returns the LDAP error code (LDAP_OPT_ERROR_NUMBER)
and sets *matcheddnp and *errorstringp to point to the current
LDAP_OPT_MATCHED_DN and LDAP_OPT_ERROR_STRING values. 
ldap_get_lderrno() does not fail unless the ld parameter is NULL or
otherwise invalid, in which case it returns LDAP_PARAM_ERROR.

ldap_set_lderrno() sets the error information and returns an LDAP error
code to indicate whether it succeeded in doing so or not.

The memory for matcheddn and errorstring is owned by the API
implementation and should not be disposed of or changed by callers of
the API.  In a shared LDAP session multithreaded world,
ldap_get_lderrno() and ldap_set_lderrno() use thread-specific data.

-- 
Mark Smith
Netscape Communications Corp. / Directory Server Engineering
"Got LDAP?"